Securing business data

News Article

UK firms could face fines of up to £17million or more if they do not put in place viable cyber-security measures

by Giulia Foss | 09 Aug 2017

In the face of rising cyber-attacks, the UK government are now looking to take serious measures against organisations that are not making a concerted effort to tighten up their cyber security.

Hitting the bottom line

The new measures being considered by the government are part of an NIS Directive relating to loss of service rather than loss of data. These new rules would mean that British organisations that do not tackle cyber-security by putting in place viable measures could face fines of up to £17m or 4% of their global turnover. The plans are being considered as part of a consultation launched today by the Department for Digital, Culture, Media and Sport.

  • Fines could be as much as £17 million or 4 per cent of global turnover

The risk to national infrastructure

With the most recent WannaCry attacks on the NHS proving disastrous, rendering patient records inaccessible and diverting ambulances off course, the impact of cyber-crime is starting to become evident. Cyber-attacks like WannaCry could have resulted in costs greater than simply financial, and with the proliferation of such breaches the government are moving forward with mandates that will prevent organisations facing such breaches in future, ultimately protecting society as a whole.

The outlined proposal focuses predominantly on national infrastructure, where cyber-attacks could have far-reaching implications, affecting our water, energy, transport, health and digital infrastructure. It stands to reason that the elements behind such attacks as WannaCry will look to target other areas where they can create chaos and profit, and these are worthy targets.

Taking back control

The NIS Directive, once implemented, will form an important part of the Government’s five-year £1.9 billion National Cyber Security Strategy. It will compel the service providers that look after Britain’s national infrastructure to make sure they are taking the necessary action to protect their IT systems.

Matt Hancock, the Minister for Digital, said: ‘We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards.’

Hancock went on to say: ‘The NIS Directive is an important part of this work and I encourage all public and private organisations in those sectors to take part in this consultation so together we can achieve this aim.’

What do organisations need to do now?

Operators will be required to put in place strategies and policies that enable them to understand the cyber-security risks they face now and in the future. As well as simply understanding the risks, they will be expected to implement effective measures that will seek to prevent system failures or attacks.

To meet the requirements of this directive, the new government measures stipulate that organisations will need to cover off the following areas:

  • Strategy & policies to understand and manage risk
  • Threat detection
  • Security monitoring
  • Staff awareness and training
  • Rapid response and recovery

Shannon Simpson, CEO of one of the UK’s leading Cyber-Security consultancy and service providers, said: ‘As a government accredited cyber-security company that works with some of the country’s largest players in national infrastructure, as well as with many government agencies, both local and national, we support this move. Cyber-Security is our business, it’s what we do daily, so we’re aware of the magnitude of attacks that are taking place and how disruptive they can be.’

Simpson went on to say: ‘The reality is, to successfully fight this threat it’s about taking a holistic approach to cyber-security, something we practice at CNS. Our success in looking after our clients is a result of providing the services, solutions and processes they need to stay safe. Taking this multi-pronged approach is the only way to truly keep our businesses and institutions protected against ever-increasing cyber threats.’

The Government will shortly hold workshops with operators so they can provide feedback on the proposals.